diff --git a/flake.lock b/flake.lock index 0741d36..ff18c68 100644 --- a/flake.lock +++ b/flake.lock @@ -31,10 +31,28 @@ "type": "github" } }, + "openwrt": { + "flake": false, + "locked": { + "lastModified": 1635777325, + "narHash": "sha256-NigEYi+patV+QHfC/KKvgyKypfzw51RsC2MaPmbJXtc=", + "ref": "openwrt-21.02", + "rev": "b4c40a7efc59caada8190d545d077521c747b7cc", + "revCount": 50790, + "type": "git", + "url": "https://git.openwrt.org/openwrt/openwrt.git" + }, + "original": { + "ref": "openwrt-21.02", + "type": "git", + "url": "https://git.openwrt.org/openwrt/openwrt.git" + } + }, "root": { "inputs": { "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", + "openwrt": "openwrt", "zentralwerk-network-key": "zentralwerk-network-key" } }, diff --git a/flake.nix b/flake.nix index 18a84d2..fabf08a 100644 --- a/flake.nix +++ b/flake.nix @@ -4,12 +4,15 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/release-21.05"; nixpkgs-master.url = "github:NixOS/nixpkgs"; + openwrt.url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02"; + openwrt.flake = false; + # `nix flake update --override-flake zentralwerk-network-key git+file:///...` # to provide the GPG secret key zentralwerk-network-key.url = "git+https://gitea.c3d2.de/zentralwerk/network.git?dir=nix/key"; }; - outputs = inputs@{ self, nixpkgs, nixpkgs-master, zentralwerk-network-key }: + outputs = inputs@{ self, nixpkgs, nixpkgs-master, openwrt, zentralwerk-network-key }: let system = "x86_64-linux"; systems = [ system ]; @@ -31,6 +34,7 @@ import ./nix/lib { inherit self; inherit (zentralwerk-network-key.lib) gpgKey; + inherit openwrt; pkgs = nixpkgs.legacyPackages.x86_64-linux; }); diff --git a/nix/lib/config/legacy.nix b/nix/lib/config/legacy.nix index 2506d3e..7df3819 100644 --- a/nix/lib/config/legacy.nix +++ b/nix/lib/config/legacy.nix 
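Review bot: The new `openwrt` input in flake.nix has no comment saying what it is used for, unlike the key input below it. It is a non-flake source tree that follows the branch ref `openwrt-21.02`, and the exact revision is fixed only by flake.lock, so any lock update changes the tree that is read at evaluation time. I would add above it `# source tree only (flake = false); nix/lib/openwrt-models.nix reads target/linux/**/etc/board.d/02_network from it`. The `rev` and `narHash` change in flake.lock deserves a look whenever this input moves.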
@@ -400,6 +400,7 @@ in (builtins.mapAttrs (_: ap: { inherit (ap) model location password; role = "ap"; + interfaces = builtins.foldl' (interfaces: net: interfaces // { "${net}" = { type = "bridge"; diff --git a/nix/lib/default.nix b/nix/lib/default.nix index 8ad930a..1af647c 100644 --- a/nix/lib/default.nix +++ b/nix/lib/default.nix @@ -1,4 +1,4 @@ -{ self, gpgKey, pkgs }: +{ self, gpgKey, pkgs, openwrt }: rec { config = import ./config { inherit self pkgs gpgKey; }; @@ -14,4 +14,6 @@ rec { subnet = import ./subnet { inherit pkgs; }; dns = import ./dns.nix { inherit pkgs config; }; + + openwrtModels = import ./openwrt-models.nix { inherit self openwrt; }; } diff --git a/nix/lib/openwrt-models.nix b/nix/lib/openwrt-models.nix new file mode 100644 index 000000000..fc7a2d0 --- /dev/null +++ b/nix/lib/openwrt-models.nix 
@@ -0,0 +1,130 @@ +{ self, openwrt }: +let + # the files that contain port definitions + defFiles = builtins.filter + (self.lib.hasSuffix "/etc/board.d/02_network") + (self.lib.filesystem.listFilesRecursive "${openwrt}/target/linux"); + # files contents as one string + defSource = builtins.concatStringsSep "\n" ( + map builtins.readFile defFiles + ); + defSourceLines = builtins.filter (s: s != []) ( + builtins.split "\n" ( + builtins.replaceStrings + [ "\\\n" ] [ "" ] defSource + )); + + parseCommand = line: + let + tokens = builtins.split "[[:space:]]+" line; + words = + builtins.map (word: + let m = builtins.match "\"(.+)\"" word; + in if m != null + then builtins.head m + else word + ) ( + builtins.filter (word: + word != [] && word != "" + ) tokens + ); + command = builtins.head words; + args = builtins.tail words; + commands = { + ucidef_add_switch.ports = builtins.foldl' (ports: arg: + let + switch = builtins.head args; + m1 = builtins.match "([[:digit:]]+):(.+)" arg; + m2 = builtins.match "([[:digit:]]+)([ut]?)@(.+)" arg; + m2flag = builtins.elemAt m2 1; + port = if m1 != null + then { + inherit switch; + type = "port"; + index = builtins.elemAt m1 0; + port = builtins.elemAt m1 1; + } + else if m2 != null + then { + inherit switch; + type = "host"; + index = builtins.elemAt m2 0; + interface = builtins.elemAt m2 2; + } // self.lib.optionalAttrs (m2flag == "u") { + only = "untagged"; + } // self.lib.optionalAttrs (m2flag == "t") { + only = "tagged"; + } + else throw "Unimplemented port scheme: ${arg}"; + in if m1 != null || m2 != null + then ports // { + "${port.index}" = port; + } + else builtins.trace "Unimplemented port scheme: ${arg}" ports + ) {} (builtins.tail args); + }; + in + if commands ? ${command} + then commands.${command} + else { + unknown."${command}" = args; + }; + +in ( + builtins.foldl' ({ state, result, models ? null, data ? 
{} }: line: + if state == "start" + then + if builtins.match "[[:space:]]*case \"\\$board\" in" line != null + then { state = "case"; inherit result; } + else { inherit state result; } + + else if state == "case" + then + if builtins.match "[[:space:]]*esac" line != null + then { state = "start"; inherit result; } + else + let + m = builtins.match "[[:space:]]*(.+)\\)" line; + in + if m == null + then { inherit state result; } + else { + inherit result; + state = "model"; + models = + builtins.filter (m: m != null) ( + map (s: + let + m = builtins.split "," s; + in + if s != [] && + m != null && + builtins.length m == 3 + then { + vendor = builtins.elemAt m 0; + model = builtins.elemAt m 2; + } + else null + ) ( + builtins.split "[[:space:]]*\\|[[:space:]]*" ( + builtins.head m + ))); + } + + else if state == "model" + then + if builtins.match "[[:space:]]*;;" line != null + then { + state = "case"; + result = result ++ [ { + inherit models data; + } ]; + } + else { + inherit result state models; + data = self.lib.recursiveUpdate data (parseCommand line); + } + + else throw "Invalid state ${state}" + ) { state = "start"; result = []; } defSourceLines +).result diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index 8a29fbd..9e9e70a 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -5,12 +5,12 @@ let pkgs = nixpkgs.legacyPackages.${system}; - export-config-file = builtins.toFile "config.nix" ( + export-openwrt-models = pkgs.writeText "openwrt-models.nix" ( + nixpkgs.lib.generators.toPretty {} self.lib.openwrtModels + ); + export-config = pkgs.writeText "config.nix" ( nixpkgs.lib.generators.toPretty {} config ); - export-config = pkgs.runCommandLocal "config.nix" {} '' - cp ${export-config-file} $out - ''; salt-pillar-file = hostName: builtins.toFile "${hostName}.yaml" ( nixpkgs.lib.generators.toPretty {} (self.lib.saltPillarFor hostName) 
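Review bot: `parseCommand` in nix/lib/openwrt-models.nix calls `builtins.head words` without checking that `words` is non-empty, so an empty or whitespace-only line inside a case arm aborts evaluation once `data` is forced. `defSourceLines` filters only the `[]` separators returned by `builtins.split`, not `""`, so such lines do reach the `model` state. A guard such as `if words == [] then {} else if commands ? ${command} then commands.${command} else { unknown."${command}" = args; }` would make them harmless. Separately, the `throw` inside `port` is unreachable, and an unrecognised port scheme is only traced, so a device can end up with a partial port map. If this data drives switch or VLAN configuration (not visible here), failing evaluation at that point would be the safer default.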
@@ -64,5 +64,5 @@ let }; in salt-pillars // rootfs-packages // vm-packages // device-templates // starlink // { - inherit export-config dns-slaves; + inherit export-openwrt-models export-config dns-slaves; } diff --git a/salt-pillar/cpe/aps.sls b/salt-pillar/cpe/aps.sls index be968a0..501ef35 100644 --- a/salt-pillar/cpe/aps.sls +++ b/salt-pillar/cpe/aps.sls @@ -14,7 +14,7 @@ cpe: 4p+9mAt3NWq5 =QPF0 -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: weg lan-access: priv6 @@ -56,7 +56,7 @@ cpe: =Tlu+ -----END PGP MESSAGE----- - model: TL-Archer-C7v2 + model: tl-archer-c7-v2 version: release location: C3D2 Backstage lan-access: c3d2 @@ -119,7 +119,7 @@ cpe: =kpf2 -----END PGP MESSAGE----- - model: TL-WDR4300 + model: tl-wdr4300-v1 version: release location: C3D2 Keller # Manually: VLAN 1+4 on port 1, VLAN 4 on port 5 @@ -182,7 +182,7 @@ cpe: kpwuSSzZvXNK =JLKE -----END PGP MESSAGE----- - model: TL-WR1043ND + model: tl-wr1043nd-v1 version: release location: Returned lan-access: priv4 @@ -223,7 +223,7 @@ cpe: kpwuSSzZvXNK =JLKE -----END PGP MESSAGE----- - model: TL-WR1043ND + model: tl-wr1043nd-v1 version: release location: a lan-access: priv5 @@ -263,7 +263,7 @@ cpe: rxgsW3bwIysHRYkg90GDmW505fNiC96aEA== =Noqk -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: Broken flash lan-access: pub @@ -289,7 +289,7 @@ cpe: rxgsW3bwIysHRYkg90GDmW505fNiC96aEA== =Noqk -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: Turm D, 5. Etage lan-access: pub @@ -330,7 +330,7 @@ cpe: rxgsW3bwIysHRYkg90GDmW505fNiC96aEA== =Noqk -----END PGP MESSAGE----- - model: TL-WDR4300 + model: tl-wdr4300-v1 version: release location: Poelzi lan-access: c3d2 @@ -406,7 +406,7 @@ cpe: 4p+9mAt3NWq5 =QPF0 -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: Turm D, 2. Etage lan-access: pub 
@@ -447,7 +447,7 @@ cpe: 4p+9mAt3NWq5 =QPF0 -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: Turm D, 1. Etage lan-access: pub @@ -503,7 +503,7 @@ cpe: o5l9+IGeKMU= =8sEk -----END PGP MESSAGE----- - model: TL-WR1043ND + model: tl-wr1043nd-v1 version: release location: B 2.03.04 lan-access: priv8 @@ -544,7 +544,7 @@ cpe: BEELWgTZJzE= =ECvx -----END PGP MESSAGE----- - model: TL-WR841Nv8 + model: tl-wr841n-v8 version: release location: Turm D, 4. Etage lan-access: pub @@ -600,7 +600,7 @@ cpe: BEELWgTZJzE= =ECvx -----END PGP MESSAGE----- - model: DIR-615H1 + model: dir-615-h1 version: release location: 'Stolen? (was: Turm C 1. Etage)' lan-access: pub @@ -626,7 +626,7 @@ cpe: ZLBzZVhVZJoO9Q== =bGE5 -----END PGP MESSAGE----- - model: TL-WR1043ND + model: tl-wr1043nd-v1 version: release location: Auf Halde lan-access: pub @@ -652,7 +652,7 @@ cpe: ZLBzZVhVZJoO9Q== =bGE5 -----END PGP MESSAGE----- - model: TL-WR1043ND + model: tl-wr1043nd-v1 version: release location: B4.09.01 lan-access: priv10 @@ -693,7 +693,7 @@ cpe: ZLBzZVhVZJoO9Q== =bGE5 -----END PGP MESSAGE----- - model: TL-WR1043ND + model: tl-wr1043nd-v1 version: release location: Turm C, 2. Etage lan-access: priv33 @@ -764,7 +764,7 @@ cpe: ZLBzZVhVZJoO9Q== =bGE5 -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: Haus B, 2. Etage, zum Innenhof lan-access: priv9 @@ -805,7 +805,7 @@ cpe: ZLBzZVhVZJoO9Q== =bGE5 -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: Turm C oberste Etage lan-access: pub @@ -861,7 +861,7 @@ cpe: nfZjlJbn =MC+3 -----END PGP MESSAGE----- - model: Ubnt-UniFi-AP-AC-LR + model: unifiac-lite version: release location: "Foyer (DS20)" radios: @@ -922,7 +922,7 @@ cpe: 0wbkaiNHsshKWw== =MXwF -----END PGP MESSAGE----- - model: TL-WR740N + model: tl-wr740n-v1 version: release location: Haus B Souterrain unter der Treppe an Turm D lan-access: pub 
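Review bot: The new value `unifiac-lite` no longer records that the device was listed as `Ubnt-UniFi-AP-AC-LR`, so the file now reads as if a different hardware variant were installed. This applies to the hunk at -861 and to the later hunks that make the same replacement. If the LR is meant to use the lite board definition, which I cannot confirm from this diff, a comment on the model line such as `# hardware is UniFi AP AC LR` would keep that visible. The `DIR-615D4` to `dir-615-d` change further down drops the revision digit in the same way. Nothing in the visible changes checks that these identifiers occur in the parsed `openwrtModels` list, so a mistyped name would pass unnoticed.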
@@ -948,7 +948,7 @@ cpe: 0wbkaiNHsshKWw== =MXwF -----END PGP MESSAGE----- - model: Ubnt-UniFi-AP-AC-LR + model: unifiac-lite version: release location: Seminarraum, Haus B radios: @@ -1009,7 +1009,7 @@ cpe: FvUs2Ms= =nKEk -----END PGP MESSAGE----- - model: TL-WR740N + model: tl-wr740n-v1 version: release location: Farbwerk lan-access: priv12 @@ -1050,7 +1050,7 @@ cpe: rmWoaCk= =Lj6m -----END PGP MESSAGE----- - model: TL-WR740N + model: tl-wr740n-v1 version: release location: Farbwerk lan-access: priv12 @@ -1091,7 +1091,7 @@ cpe: lorv3GDp =C8xr -----END PGP MESSAGE----- - model: TL-WR740N + model: tl-wr740n-v1 version: release location: Turm C, 1. Etage lan-access: pub @@ -1132,7 +1132,7 @@ cpe: 8jprrw== =dnNO -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: "Weg?" lan-access: pub @@ -1159,7 +1159,7 @@ cpe: BEELWgTZJzE= =ECvx -----END PGP MESSAGE----- - model: TL-WR841Nv8 + model: tl-wr841n-v8 version: release location: Tunnel lan-access: pub @@ -1185,7 +1185,7 @@ cpe: WQ7tY7Ma5Jry =Yjyd -----END PGP MESSAGE----- - model: TL-Archer-C7v4 + model: tl-archer-c7-v4 version: nightly location: B1.05.07 lan-access: priv13 @@ -1247,7 +1247,7 @@ cpe: ZBOMWyH63lKB+g== =ugCM -----END PGP MESSAGE----- - model: TL-WR1043NDv4 + model: tl-wr1043nd-v4 version: release location: B 4.02 lan-access: priv14 @@ -1288,7 +1288,7 @@ cpe: 0wbkaiNHsshKWw== =MXwF -----END PGP MESSAGE----- - model: Ubnt-UniFi-AP-AC-LR + model: unifiac-lite version: release location: C3D2 Assembly radios: @@ -1331,7 +1331,6 @@ cpe: 'pci0000:00/0000:00:00.0': channel: 149 htmode: VHT80 - hwmode: "11a" ssids: 'ZW public': net: pub @@ -1365,7 +1364,7 @@ cpe: 0wbkaiNHsshKWw== =MXwF -----END PGP MESSAGE----- - model: Ubnt-UniFi-AP-AC-LR + model: unifiac-lite version: release location: "Auf Lager" radios: 
@@ -1426,7 +1425,7 @@ cpe: 0wbkaiNHsshKWw== =MXwF -----END PGP MESSAGE----- - model: Ubnt-UniFi-AP-AC-LR + model: unifiac-lite version: release location: "C3D2 Podest/Hinterhof" radios: @@ -1487,7 +1486,7 @@ cpe: 0wbkaiNHsshKWw== =MXwF -----END PGP MESSAGE----- - model: Ubnt-UniFi-AP-AC-LR + model: unifiac-lite version: release location: "Hof (temporary)" radios: @@ -1520,7 +1519,7 @@ cpe: ZBOMWyH63lKB+g== =ugCM -----END PGP MESSAGE----- - model: TL-WR1043NDv5 + model: tl-wr1043nd-v5 version: release location: B 4.08 lan-access: priv18 @@ -1564,7 +1563,7 @@ cpe: lorv3GDp =C8xr -----END PGP MESSAGE----- - model: TL-WR740N + model: tl-wr740n-v1 version: release location: Reserve lan-access: pub @@ -1605,7 +1604,7 @@ cpe: wtRDs5gZULQ= =eFFg -----END PGP MESSAGE----- - model: TL-Archer-C7v5 + model: tl-archer-c7-v5 version: 18.06.1 location: B3.11.01 lan-access: priv19 @@ -1666,7 +1665,7 @@ cpe: GYuZOJTS2vY= =Uy9e -----END PGP MESSAGE----- - model: TL-Archer-C7v4 + model: tl-archer-c7-v4 version: 18.06.1 location: ECCE-Raum lan-access: pub @@ -1758,7 +1757,7 @@ cpe: dq+HHA== =Sc0n -----END PGP MESSAGE----- - model: DIR-615D4 + model: dir-615-d version: nightly location: 'private' lan-access: pub @@ -1799,7 +1798,7 @@ cpe: wtRDs5gZULQ= =eFFg -----END PGP MESSAGE----- - model: TL-Archer-C7v5 + model: tl-archer-c7-v5 version: 18.06.4 location: B4.01 lan-access: priv22 @@ -1861,7 +1860,7 @@ cpe: S25QWs7T =3ci0 -----END PGP MESSAGE----- - model: TL-Archer-C7v5 + model: tl-archer-c7-v5 version: 18.06.4 location: B3.01 lan-access: priv26 @@ -1923,7 +1922,7 @@ cpe: kpwuSSzZvXNK =JLKE -----END PGP MESSAGE----- - model: TL-Archer-C7v5 + model: tl-archer-c7-v5 version: release location: Dresden School of Lindy Hop lan-access: priv4 @@ -1985,7 +1984,7 @@ cpe: sLzZnEo= =DoHm -----END PGP MESSAGE----- - model: TL-WR1043ND + model: tl-wr1043nd-v1 version: release location: "B 2.05.03" lan-access: priv27 
@@ -2025,7 +2024,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd error-led: "blue:dome" version: release location: "Saal A vorn" @@ -2086,7 +2085,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd error-led: "blue:dome" version: release location: "Saal A mitte" @@ -2147,7 +2146,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd error-led: "blue:dome" version: release location: "Saal A hinten" @@ -2238,7 +2237,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd error-led: "blue:dome" version: release location: "Saal Foyer" @@ -2299,7 +2298,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd error-led: "blue:dome" version: release location: "Saal A Kleiner Saal Tuer" @@ -2360,7 +2359,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd error-led: "blue:dome" version: release location: "Saal A Kabinett" @@ -2421,7 +2420,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd error-led: "blue:dome" version: release location: "Saal A Kleiner Saal Buehne" @@ -2498,7 +2497,7 @@ cpe: =Tlu+ -----END PGP MESSAGE----- - model: TL-Archer-C7v2 + model: tl-archer-c7-v2 version: release location: antrares lan-access: priv17 @@ -2562,7 +2561,7 @@ cpe: SRWSVEnm =PSjs -----END PGP MESSAGE----- - model: Ubnt-UAP-nanoHD + model: unifi-nanohd version: release location: "Saal (TODO)" radios: @@ -2623,7 +2622,7 @@ cpe: 4vqWxQ== =XDXZ -----END PGP MESSAGE----- - model: TL-WR841N + model: tl-wr841n-v10 version: release location: "B2.05.01" lan-access: priv11 @@ -2664,7 +2663,7 @@ cpe: uU8h2Z0= =pYTp -----END PGP MESSAGE----- - model: TL-Archer-C7v5 + model: tl-archer-c7-v5 version: release location: "B1.05.02" lan-access: priv35 
@@ -2726,7 +2725,7 @@ cpe: s+n2PQ== =Hv9n -----END PGP MESSAGE----- - model: TL-Archer-C7v5 + model: tl-archer-c7-v5 version: 19.07.7 location: B3.05.03 lan-access: priv6 @@ -2788,7 +2787,7 @@ cpe: s+n2PQ== =Hv9n -----END PGP MESSAGE----- - model: TL-Archer-C7v5 + model: tl-archer-c7-v5 version: 19.07.7 location: B4.04.01 lan-access: priv6